With Commerce Server 2007 and 2009, if you are using a site based on the Core API such as the Starter Site, you can set the site to share cookie domain level at 2. If you have the web application non-secure hostname (for example: NonSecName.testsite.com) set to a different name than secure host name (for example: SecName.testsite.com, same testsite.com), the cookie sharing works correctly in Internet Explorer 6 and 7 but not in Internet Explorer 8.
The symptom: Anonymous user add items to cart, then switch the URL from the non-secure hostname to secure hostname by an action such as going to checkout, the items in the basket will disappear in Internet Explorer 8 for the same anonymous user.
Resolution: For code based on the Starter Site, modify the Starter Site code before you set the site_identity cookie, set Cookie.Domain= “testsite.com”.
(App_Code/SiteSecurity.cs) ________________________________________________________________ public static HttpCookie CreateUserCookie() { … cookie.Value = CommerceContext.Current.UserID; if (!isAnonymousUser) { cookie.Value += "/" + HashValue(userProfile.EmailAddress); } cookie.Domain = "testsite.com";/*Jason: this is what I added*/ HttpContext.Current.Response.Cookies.Set(cookie); …